- Add debian patches

- Add tmux group for improved socket handling

tmux-1.0-02_fix_wrong_location.diff

@@ -0,0 +1,59 @@
+# correct directory /usr/local 
+--- a/GNUmakefile
++++ b/GNUmakefile
+@@ -8,7 +8,7 @@
+ 
+ CC?= gcc
+ CFLAGS+= -DBUILD="\"$(VERSION)\""
+-LDFLAGS+= -L/usr/local/lib
++LDFLAGS+= -L/usr/lib
+ LIBS+=
+ 
+ ifdef FDEBUG
+@@ -30,7 +30,7 @@
+ endif
+ endif
+ 
+-PREFIX?= /usr/local
++PREFIX?= /usr/
+ INSTALLDIR= install -d
+ INSTALLBIN= install -g bin -o root -m 555
+ INSTALLMAN= install -g bin -o root -m 444
+@@ -59,7 +59,7 @@
+ install:	all
+ 		$(INSTALLDIR) $(DESTDIR)$(PREFIX)/bin
+ 		$(INSTALLBIN) tmux $(DESTDIR)$(PREFIX)/bin/tmux
+-		$(INSTALLDIR) $(DESTDIR)$(PREFIX)/man/man1
+-		$(INSTALLMAN) tmux.1 $(DESTDIR)$(PREFIX)/man/man1/tmux.1
++		$(INSTALLDIR) $(DESTDIR)$(PREFIX)share/man/man1
++		$(INSTALLMAN) tmux.1 $(DESTDIR)$(PREFIX)share/man/man1/tmux.1
+ 
+ -include .depend
+--- a/Makefile
++++ b/Makefile
+@@ -9,7 +9,7 @@
+ 
+ CC?= cc
+ CFLAGS+= -DBUILD="\"$(VERSION)\""
+-LDFLAGS+= -L/usr/local/lib
++LDFLAGS+= -L/usr/lib
+ LIBS+=
+ 
+ .ifdef FDEBUG
+@@ -32,7 +32,7 @@
+ .endif
+ .endif
+ 
+-PREFIX?= /usr/local
++PREFIX?= /usr
+ INSTALLDIR= install -d
+ INSTALLBIN= install -g bin -o root -m 555
+ INSTALLMAN= install -g bin -o root -m 444
+@@ -64,5 +64,5 @@
+ install:	all
+ 		${INSTALLDIR} ${DESTDIR}${PREFIX}/bin
+ 		${INSTALLBIN} tmux ${DESTDIR}${PREFIX}/bin/
+-		${INSTALLDIR} ${DESTDIR}${PREFIX}/man/man1
+-		${INSTALLMAN} tmux.1 ${DESTDIR}${PREFIX}/man/man1/
++		${INSTALLDIR} ${DESTDIR}${PREFIX}/share/man/man1
++		${INSTALLMAN} tmux.1 ${DESTDIR}${PREFIX}/share/man/man1/

tmux-1.0-03_proper_socket_handling.diff

@@ -0,0 +1,45 @@
+# setting /usr/bin/tmux with sgid and proper location of socket
+--- a/GNUmakefile
++++ b/GNUmakefile
+@@ -32,7 +32,7 @@
+ 
+ PREFIX?= /usr/
+ INSTALLDIR= install -d
+-INSTALLBIN= install -g bin -o root -m 555
++INSTALLBIN= install -g utmp -o root -m 2755
+ INSTALLMAN= install -g bin -o root -m 444
+ 
+ SRCS= $(shell echo *.c|sed 's|osdep-[a-z0-9]*.c||g')
+--- a/Makefile
++++ b/Makefile
+@@ -34,7 +34,7 @@
+ 
+ PREFIX?= /usr
+ INSTALLDIR= install -d
+-INSTALLBIN= install -g bin -o root -m 555
++INSTALLBIN= install -g utmp -o root -m 2755
+ INSTALLMAN= install -g bin -o root -m 444
+ 
+ SRCS!= echo *.c|sed 's|osdep-[a-z0-9]*.c||g'
+--- a/compat.h
++++ b/compat.h
+@@ -25,7 +25,7 @@
+ 
+ #ifndef HAVE_PATHS_H
+ #define	_PATH_BSHELL	"/bin/sh"
+-#define	_PATH_TMP	"/tmp/"
++#define _PATH_VARRUN    "/var/run/"
+ #define _PATH_DEVNULL	"/dev/null"
+ #define _PATH_TTY	"/dev/tty"
+ #define _PATH_DEV	"/dev/"
+--- a/tmux.c
++++ b/tmux.c
+@@ -239,7 +239,7 @@
+ 	u_int		uid;
+ 
+ 	uid = getuid();
+-	xsnprintf(base, MAXPATHLEN, "%s/tmux-%d", _PATH_TMP, uid);
++	xsnprintf(base, MAXPATHLEN, "%s/%s/%s-%d", _PATH_VARRUN, __progname, __progname, uid);
+ 
+ 	if (mkdir(base, S_IRWXU) != 0 && errno != EEXIST)
+ 		return (NULL);

tmux-1.0-04_dropping_unnecessary_privileges.diff

@@ -0,0 +1,26 @@
+# using setresgid() for safely dropping utmp group membership.
+--- a/tmux.c
++++ b/tmux.c
+@@ -236,9 +236,11 @@
+ {
+ 	char		base[MAXPATHLEN], *path;
+ 	struct stat	sb;
+-	u_int		uid;
++	u_int		uid,gid;
+ 
+ 	uid = getuid();
++	gid = getgid();
++
+ 	xsnprintf(base, MAXPATHLEN, "%s/%s/%s-%d", _PATH_VARRUN, __progname, __progname, uid);
+ 
+ 	if (mkdir(base, S_IRWXU) != 0 && errno != EEXIST)
+@@ -254,6 +256,9 @@
+ 		errno = EACCES;
+ 		return (NULL);
+ 	}
++	/* drop unnecessary privileges */
++ 	if (setresgid(gid, gid, gid) != 0)
++ 		return (NULL);
+ 
+ 	xasprintf(&path, "%s/%s", base, label);
+ 	return (path);

tmux-1.0-06_hardening_write_return.diff

@@ -0,0 +1,56 @@
+# Harden write and chdir because of ignored return value
+--- a/tty.c
++++ b/tty.c
+@@ -336,7 +336,8 @@
+ void
+ tty_raw(struct tty *tty, const char *s)
+ {
+-	write(tty->fd, s, strlen(s));
++	if (write(tty->fd, s, strlen(s)) == -1)
++		fatal("write failed");
+ }
+ 
+ void
+@@ -369,7 +370,8 @@
+ 	buffer_write(tty->out, s, strlen(s));
+ 
+ 	if (tty->log_fd != -1)
+-		write(tty->log_fd, s, strlen(s));
++		if (write(tty->log_fd, s, strlen(s)) == -1)
++			fatal("write failed");
+ }
+ 
+ void
+@@ -394,7 +396,8 @@
+ 	}
+ 
+ 	if (tty->log_fd != -1)
+-		write(tty->log_fd, &ch, 1);
++		if (write(tty->log_fd, &ch, 1) == -1)
++			fatal("write failed");
+ }
+ 
+ void
+@@ -407,7 +410,8 @@
+ 			break;
+ 		buffer_write8(tty->out, gu->data[i]);
+ 		if (tty->log_fd != -1)
+-			write(tty->log_fd, &gu->data[i], 1);
++			if (write(tty->log_fd, &gu->data[i], 1) == -1)
++				fatal("write failed");
+ 	}
+ 
+ 	width = utf8_width(gu->data);
+--- a/window.c
++++ b/window.c
+@@ -490,7 +490,9 @@
+ 		return (-1);
+ 	case 0:
+ 		if (chdir(wp->cwd) != 0)
+-			chdir("/");
++			if (chdir("/") <0 )
++				fatal("chdir failed");
++
+ 
+ 		if (tcgetattr(STDIN_FILENO, &tio2) != 0)
+ 			fatal("tcgetattr failed");

tmux-1.0-fixmanpagedir.patch

@@ -1,22 +0,0 @@
-diff --git a/GNUmakefile b/GNUmakefile
-index 5528a9f..96e7088 100644
---- a/GNUmakefile
-+++ b/GNUmakefile
-@@ -31,6 +31,7 @@ endif
- endif
- 
- PREFIX?= /usr/local
-+MANDIR?= ${PREFIX}/man
- INSTALLDIR= install -d
- INSTALLBIN= install -g bin -o root -m 555
- INSTALLMAN= install -g bin -o root -m 444
-@@ -59,7 +60,7 @@ clean-all:	clean clean-depend
- install:	all
- 		$(INSTALLDIR) $(DESTDIR)$(PREFIX)/bin
- 		$(INSTALLBIN) tmux $(DESTDIR)$(PREFIX)/bin/tmux
--		$(INSTALLDIR) $(DESTDIR)$(PREFIX)/man/man1
--		$(INSTALLMAN) tmux.1 $(DESTDIR)$(PREFIX)/man/man1/tmux.1
-+		$(INSTALLDIR) $(DESTDIR)$(MANDIR)/man1
-+		$(INSTALLMAN) tmux.1 $(DESTDIR)$(MANDIR)/man1/tmux.1
- 
- -include .depend

tmux.spec

@@ -1,6 +1,6 @@
 Name:           tmux
 Version:        1.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        A terminal multiplexer
 
 Group:          Applications/System
@@ -8,10 +8,15 @@ Group:          Applications/System
 # 3 clause BSD licensed.
 License:        ISC and BSD
 URL:            http://sourceforge.net/projects/tmux
+Requires(pre):  /usr/sbin/groupadd
+Requires(preun): /usr/sbin/groupdel
 Source0:        http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
 # This first patch creates MANDIR in the GNUmakefile.  This has been sent
 # upstream via email but upstream replied and said would not change.
-Patch0:         tmux-1.0-fixmanpagedir.patch
+Patch0:         tmux-1.0-02_fix_wrong_location.diff
+Patch1:         tmux-1.0-03_proper_socket_handling.diff
+Patch2:         tmux-1.0-04_dropping_unnecessary_privileges.diff
+Patch3:         tmux-1.0-06_hardening_write_return.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  ncurses-devel
@@ -24,7 +29,10 @@ as GNU Screen.
 
 %prep
 %setup -q
-%patch0 -p1 -b .fixmanpagedir
+%patch0 -p1 -b .location
+%patch1 -p1 -b .sockethandling
+%patch2 -p1 -b .dropprivs
+%patch3 -p1 -b .writehard
 
 %build
 %configure
@@ -32,18 +40,32 @@ make %{?_smp_mflags} LDFLAGS="%{optflags}"
 
 %install
 rm -rf %{buildroot}
-make install PREFIX=%{_prefix} MANDIR=%{_mandir} DESTDIR=%{buildroot} INSTALLBIN="install -p -m 755" INSTALLMAN="install -p -m 644"
+make install DESTDIR=%{buildroot} INSTALLBIN="install -p -m 755" INSTALLMAN="install -p -m 644"
+
+# Create the socket dir
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/%{name}
 
 %clean
 rm -rf %{buildroot}
 
+%pre
+%{_sbindir}/groupadd -r tmux &>/dev/null || :
+
+%postun
+%{_sbindir}/groupdel tmux || :
+
 %files
 %defattr(-,root,root,-)
 %doc CHANGES FAQ NOTES TODO examples/
-%{_bindir}/tmux
-%{_mandir}/man1/tmux.1.gz
+%attr(2755,root,tmux) %{_bindir}/tmux
+%{_mandir}/man1/tmux.1.*
+%attr(775,root,tmux) %{_localstatedir}/run/tmux
 
 %changelog
+* Sun Nov 01 2009 Sven Lankes <sven@lank.es> 1.0-2
+- Add debian patches
+- Add tmux group for improved socket handling
+
 * Sat Oct 24 2009 Sven Lankes <sven@lank.es> 1.0-1
 - New upstream release